announce Tahoe v0.5.1
[Imported from Trac: page News, version 20]
parent
eb2303f08c
commit
6db1f18864
26
News.md
26
News.md
|
@ -2,31 +2,11 @@
|
|||
|
||||
## Latest News
|
||||
|
||||
### 2007-08-21 -- security flaw
|
||||
### 2007-08-23 -- Allmydata Tahoe v0.5.1 released!
|
||||
|
||||
Nathan Wilcox has discovered that the new web API in allmydata-tahoe
|
||||
version 0.5 is vulnerable to XSRF attack. An XSRF -- or "Cross-Site
|
||||
Reference Forgery" attack -- is one in which an attacker creates an
|
||||
innocuous-looking hyperlink, and if a user clicks on that hyperlink
|
||||
then it causes deletion or theft of the user's data. We are working
|
||||
on a fix for this problem, and in the meantime if you have stored any
|
||||
private or precious data on a tahoe grid, then you can make sure that
|
||||
you are not exposed to this threat by shutting down your tahoe node
|
||||
before browsing the web.
|
||||
This fixes a security flaw in Tahoe v0.5.0.
|
||||
|
||||
You can read more about the attack and our fix in the mailing list archves:
|
||||
|
||||
<http://allmydata.org/pipermail/tahoe-dev/>
|
||||
|
||||
and in this bug tracker ticket:
|
||||
|
||||
<http://allmydata.org/trac/tahoe/ticket/98>
|
||||
|
||||
### 2007-08-17 -- Allmydata Tahoe v0.5 released!
|
||||
|
||||
This version adds a RESTful API allowing you to program your Tahoe node in the language of your choice, as well as a command-line API in the Unix style, and some performance improvements.
|
||||
|
||||
Please see [the Release Notes]source:relnotes.txt@1129.
|
||||
Please see [the Release Notes]source:relnotes.txt@1154.
|
||||
|
||||
## Old News
|
||||
|
||||
|
|
Loading…
Reference in a new issue